Never underestimate the Brits. They’ve now pushed the bar even higher.

All it took was a flash drive found in the car park of a pub, The Orbital. It held the user names and hashed passwords of accounts on the Government Gateway, which provides centralised authentication to important online services such as tax returns. Worse, the flash drive had the source code, security software, and a step-by-step guide to how the Government Gateway works. And then there is the fact that it belonged to Daniel Harrington, an IT analyst at Atos Origin, the company that manages the Government Gateway.

The flash drive was lost about two weeks ago. Daniel must have just started to believe that his prayers had been answered with the flash drive forever lost. No such luck. Tellingly, it was turned in to a newspaper (The Mail on Sunday) rather than given back to the government.

The point isn’t that the flash drive was lost. What was all that data doing on it in the first place? The Prime Minister is pointing the finger at Atos Origin which is fingering Daniel for breaching operating procedures. Really? Sounds exactly like Chancellor Alistair Darling pointing to a junior official in the HMRC case. It really shouldn’t be so easy to evade accountability.

Why was the flash drive unencrypted? The passwords were encrypted, but throw enough resources at that encryption and it shouldn’t be that hard to break. It’s impossible to say how many copies of the flash drive may be in circulation.

Some will use this to question the UK’s plan for a National Identity Card. Others will again proclaim the death of passwords. Yet others will cry that it’s the tip of the iceberg: who knows how many other unreported breaches of this magnitude are happening around the world? I’m sure at least a few will wonder what would have happened if it had been biometric templates.

Me, I mourn the blows to trust in government and online services all over the world. And the frightening reality that past lessons are simply being ignored, taking us ever closer to a tipping point.

In my first official post on the SSC blog, I mentioned that April is Identity Month, a time for NZ government agencies to talk about identity management.

The first event of the month was yesterday when the Biometrics Institute organised its 2008 Annual New Zealand Conference. I co-presented with a colleague about igovt and then was on the “Biometric Data Management and Data Security Issues” panel. The panel discussion gave me an opportunity to talk about the dangers of using static identifiers like biometrics and gave the example of Germany’s unfortunate interior minister.

The highlight of the month is the Identity Conference on 29th and 30th April but there are two more events around the same time that are worth having a look at:

I think it’s a stark reminder that some biometrics, such as a person’s fingerprints, are reasonably easy to get. And, once they are compromised, the person can’t ring up a help desk and get a new one (as they can with passwords).

The current story revolves around Germany’s interior minister, Wolfgang Schäuble. He is apparently quite vocal about collecting and using biometrics to fight terrorism, including storing them in ePassports.

In the most recent issue of Die Datenschleuder, activists under the name of Chaos Computer Club (“Europe’s largest hacker group”) printed an image of what they claim is the fingerprint of his index finger.

The fingerprint, on a plastic foil that leaves fingerprints when it is pressed against biometric readers, is included in the 4,000 copies of the latest issue of the magazine. Schäuble’s fingerprint was said to be captured off a water glass he used last summer while participating in a public discussion at a university in Berlin.

If a person’s fingerprints are “in the wild” then they are a far less reliable way to authenticate the person for his/her whole life. If enough fingerprints are similarly widely available, whether by accident or deliberately, it will be enough to make fingerprinting almost useless.

Given front page news that SmartGate “would be tested in Wellington in the next few months and available for all trans-Tasman travel in time for the 2011 Rugby World Cup,” I was curious to see what reaction it would evoke in NZ.

Not too much. Over at NZ Herald, Peter Griffin in a blog post was cautiously welcoming (once he got an ePassport). Other than that, I haven’t come across anything. Not sure if that is a good thing or a bad thing.

SmartGate is an Australian self-service automated passport checking system that involves a kiosk and a gate. Step 1 checks if a traveller can use the automated option including the immigration and customs checks. Notably, this step includes “The photo in the ePassport is electronically retrieved and stored in a database.”

In Step 2, at the gate, a camera compares an image of the traveller’s face using facial recognition against the image stored in the database.

For eligible travellers who pass the Step 1 checks, SmartGate should reduce airport queues. Despite its troubled past, it’s believed to be operating smoothly in Brisbane and Cairns International Airports. An interim solution is also working in Sydney and Melbourne International Airports. Currently, only Australians and Kiwis can use SmartGate in these airports.

According to the FAQs, “All personal data collected via SmartGate, (including the photograph), will be treated in the same way as information collected manually upon arrival.” Also worth noting on the positive side is that the system is optional (see earlier post about the power of choice) and does not use fingerprints (see earlier post about this).

Still, an Australian system, biometrics, some unanswered questions… I would have thought some of these would lead to greater public interest in NZ; though not necessarily negative as Peter Griffin’s post shows.

Recent reports from both sides of the Tasman have once again shown public resistance to widespread fingerprinting. At least for citizens…

In NZ, following significant negative reactions from public consultation, police will only have the power to collect and store fingerprints “for the purpose of enabling the commencement of a prosecution.” Police will not be able to require fingerprints from people suspected of non-prosecutable offences, such as minor traffic infringements, or for routine identity checking.

Further, they would have to destroy those records as soon as practical once they decide not to arrest or charge a person with an offence, or if the person is acquitted.

Across the Tasman, ZDNet Australia reports that “there is a culture of resistance to fingerprinting in the community- a factor which may be holding back government from adopting the technology…Fingerprinting in Australia is not seen as an inviting technology.”

Further, CIO Magazine reports that despite a new ISO standard to provide a security framework for using biometrics for authentication of individuals in financial services (ISO 19092:2008), Australian banks are likely to restrict themselves to only exploring more use of voice verification.

As the ZDNet article points out, the Australian government continues to have a big interest in introducing biometrics. And, just as in other countries such as the UK, they want to start with non-citizens.

Not surprisingly, their choice is a group of people who have limited capacity to object.

The school has introduced a fingerprint scanning system that allows only authorised parents and staff to access the nursery. Apparently, this is to reassure parents following the disappearance of Madeleine McCann. There are additional unspecified “video and audio systems.”

Why not just chip the kids and be done with it? Make the chips GPS-trackable and all those concerned parents and school authorities can be assured that their wee tots are safe. Better still, parents can locate ’em any time online. That’ll be handy as tots have a nasty habit of becoming teens.

From the outside, it seems that one of the central beliefs in the US government is that if they can collect every person’s biometrics on Earth and put that into a database, then they can substantially solve all their security problems. Federal authorities have pursued this approach almost single-mindedly over the past few years.

Sometimes these efforts have been overt. A good example is the US-VISIT Program where visitors to the US have to endure lengthy delays as everyone’s fingerprints (currently both index fingers but soon all ten) and photograph are taken.

For me personally, after a 12-13 hour flight, the thought of another two hours standing in a line to get my fingers squashed by a “friendly” official so that the fingerprint reader gets an acceptable reading within a couple of attempts means that I try to avoid travelling to or via the US altogether.

In classic government doublespeak, the benefits of US-VISIT are touted as “Protects the privacy of our visitors” and “demonstrate that we remain a welcoming nation.” Yeah, right!

Sometimes the US efforts to collect the biometrics of every single human being have been more subtle. I think the current “Server in the Sky” concept falls into this category. Police from the International Information Consortium (US, UK, Canada, Australia, and NZ) will be able to exchange biometrics and personal information about criminals and suspects. New Zealand is “considering joining the consortium.”

These five countries already share intelligence amongst themselves and co-operate in running Echelon, the global eavesdropping service that can listen into telephone, radio, and email communication.

What’s subtle about this is that anything submitted for matching also gets added to the US biometrics database. And that’s another step forward in the grand plan to collect the world’s biometrics.

What’s wrong with this? Why shouldn’t we all do our bit in the fight against global terror and criminals? If you haven’t done anything wrong, surely you have nothing to fear from having your biometrics in a US database?

You do… because the central belief that collecting the world’s biometrics will substantially solve all the US’s security problems is wrong. Because the US federal authorities have not proven themselves worthy of such trust. Because the US has a long history of subsequent misuse to achieve more pressing national security concerns. Because “acceptable collateral damage” from data inaccuracies means a lot of grief for some innocent people.